TweetDeck hijacked by pranksters, users receive absurd messages

By Christian Brazil Bautista Published June 13, 2014

tweetdeck hijacked pranksters users receive penis messages tweetdeck2 — Image used with permission by copyright holder

A security flaw in TweetDeck was exposed last Wednesday, causing the service to turn itself on and off over the course of a few hours. While the app was scrambling to restore service to users, hackers were having a field day, doing their best imitation of a 10-year old boy, plastering messages like “penis penis penis,” and “I love poop,” in alert boxes that took over the software.

The messages ranged from the comically inane…

Recommended Videos

Als ich #TweetDeck geöffnet habe und dieses Fenster sah, fühlte ich mich schon fast persönlich angegriffen^^ pic.twitter.com/UvQqTlKeBw

— • (@Negiert) June 11, 2014

Tweetdeck XSS pic.twitter.com/tgT9w0bZ1q

— Andreas Lindh (@addelindh) June 11, 2014

Good to know, Tweetdeck. Thanks! pic.twitter.com/YJ0qQox5Ar

— Agustina Prigoshin (@AgustinaP) June 11, 2014

To prompts that are just plain weird.

Tweetdeck is not fixed. pic.twitter.com/Zt0N5GkUFl

— Tyler Wilde (@tyler_wilde) June 11, 2014

Just like everything else in life, the disruption was also improved by some rickrollling.

hackers from 2007 are currently rickrolling ppl on TweetDeck tho pic.twitter.com/HfO03OiLjy

— Anthony B. L. Smith (@AnthonyBLSmith) June 11, 2014

According to CNNMoney, the security hole was discovered by an Austrian teenager named Florian. The vulnerability, which took advantage of TweetDeck’s cross-site scripting (XSS) capability, was exposed through the use of a heart symbol that contained a string of code. Florian said that he discovered that using “&hearts” to create a heart symbol opened a security flaw in the app that allowed people to send computer program commands through tweets.

He notified Twitter of the flaw, but pranksters were quick to take advantage of the vulnerability. One hacker even managed to create a code that caused users to auto-retweet his messages. The Twitter accounts of the New York Times and SFGate were affected by the disruption. The code for the re-tweet hack can be found below. So far, it’s been retweeted 79,000 times.

<script class=”xss”>$(‘.xss’).parents().eq(1).find(‘a’).eq(1).click();$(‘[data-action=retweet]’).click();alert(‘XSS in Tweetdeck’)</script>♥

— *andy (@derGeruhn) June 11, 2014

TweetDeck announced that the security hole was patched early on Thursday. However, some users were still reporting issues.

No, @TweetDeck is still NOT fixed. https://t.co/YM7IREhRlq is still hitting people. pic.twitter.com/nBUdkxHeg3

— Chris Pirillo (@ChrisPirillo) June 11, 2014

In a blog post, anti-virus software maker McAfee offered recommendations for dealing with the disruption. The company rattled off the usual laundry list of security measures, asking users to sign out of TweetDeck, change passwords regularly (14 characters is ideal) and to avoid third-party apps.

Topics

Twitter

Christian Brazil Bautista

Former Digital Trends Contributor

Christian Brazil Bautista is an experienced journalist who has been writing about technology and music for the past decade…

Mobile

Samsung’s budget Galaxy Z Flip FE will keep this spec from the Galaxy Z Flip 6

Someone holding the Samsung Galaxy Z Flip 6, showing the inner display.

The Samsung Galaxy Z Flip FE is expected to launch sometime next year, most likely toward the end of the second quarter of 2025. We don't know a lot about the budget-oriented flip phone yet except that it's expected to use the Exynos 2500 chip. Now, another leak suggests it will keep the same display as the Galaxy Z Flip 6.

Ross Young, a known tipster and supply chain analyst, responded to a comment on X and stated that the Z Flip FE would have the same panel as the Z Flip 6. For reference, that's a 6.7-inch AMOLED panel with 2640 x 1080 resolution, a 120Hz variable refresh rate, and a maximum brightness of 2600 nits.

Mobile

Here’s our best look at the sequel to one of 2024’s best budget smartphones

heres our best look at oneplus 13r sequel to 2024 budget smartphone 2 leak

One of the most anticipated new phones for 2025, the OnePlus 13R, is expected to arrive soon. We have our best look yet at this successor to the OnePlus 12R, thanks to fresh images from tipster @MyseryLupin.

The OnePlus 13R is anticipated to be similar to the Chinese-only OnePlus Ace 5. However, the newly released images indicate that this rebranded phone may not launch in the same green and gold options available for the OnePlus Ace 5. Instead, we might see black or dark gray variants.

Mobile

Does your Samsung Galaxy S22 have a bootlooping problem? You aren’t alone

Galaxy S22 Plus in green seen from the back.

The Samsung Galaxy S22 series is great, but many users have been plagued by bootloops for a year or more. If you're finding yourself among that number — don't worry, you aren't alone — Samsung does offer a potential fix. A quick search of the r/SamsungGalaxy subreddit shows multiple posts reporting bootloops from the One UI 6.1 beta update and more posts from a year or more ago. This is far from an uncommon issue.

The primary fix for this problem is to send your phone to Samsung for a replacement motherboard, although this comes at a cost since the S22 series is no longer under warranty. However, another Reddit user — u/HenryTan — shared an update that Samsung will cover the cost of repairs. It might be a matter of luck, but u/HenryTan suggests emailing the Samsung CEO for a faster response. They also admitted that being a Samsung Care member could have influenced the decision.